User: Password:
Subscribe / Log in / New account

Re: disable-cap-mlock

From:  William Lee Irwin III <>
To:  Stephen Smalley <>, Andrea Arcangeli <>, Andrew Morton <>, lkml <>,, Chris Wright <>
Subject:  Re: disable-cap-mlock
Date:  Thu, 1 Apr 2004 09:51:14 -0800

On Thu, Apr 01, 2004 at 12:37:51PM -0500, Stephen Smalley wrote:
>> What prevents any uid 0 process from changing these sysctl settings
>> (aside from SELinux, if you happen to use it and configure the policy
>> accordingly)?

On Thu, Apr 01, 2004 at 09:44:05AM -0800, William Lee Irwin III wrote:
> I'm aware it does some very unintelligent things to the security model,
> e.g. anyone with fs-level access to these things can basically escalate
> their capabilities to "everything". Maybe some kind of big fat warning
> is in order.

Index: mm4-2.6.5-rc3/security/Kconfig
--- mm4-2.6.5-rc3.orig/security/Kconfig	2004-04-01 07:38:49.000000000 -0800
+++ mm4-2.6.5-rc3/security/Kconfig	2004-04-01 09:49:43.000000000 -0800
@@ -49,6 +49,13 @@
 	depends on SECURITY!=n
 	  This allows you to disable capabilities with sysctls.
+	  It effectively breaks the kernel's security model so that
+	  any user with fs-level access to /proc/sys/capability/*
+	  can escalate their privileges to "able to do anything",
+	  but some users have special-case needs for these things.
+	  Don't use this on any system with untrusted local users.
+	  It's probably best to firewall the living daylights out
+	  of anything using this also.
 source security/selinux/Kconfig
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

(Log in to post comments)

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds